We are looking to replace our normal Win2008 R2 IIS server with a Azure Cloud based solution. Our Current use scenario is something like this:
Server A
Hosts 7 Websites.
All Websites are Managed and Maintained with Visual Studio 2010. They are Web Projects, not Web Services. Each of the Sites has unique domain names. www.comanyA.com, www.companyB.com Intranet.companyB.com, etc. There are three sites that are SSL enabled and have Verisign Certificates.
The Sites consist of many asp, aspx and image files. We also create file content on demand (Excel Exports) that users can then click to download. We also make a Connection to a SQL Server for Back-end Data. We would need a Secure Connection to a SQL Azure DB and or an On-Premiss SQL Database (depending on when we move our SQL to SQL Azure).
I Would also need the same Security Permissions setup so all the users have the same permissions that they do for the Existing IIS Server. So I'd like Active Directly Integration.
I'd really rather not have a VM Image that is just running in the cloud. I don't want to have to maintain the OS level of stuff, (Updates, etc)
Is this something that Azure Compute can do for me?
Thanks!
This is not actually a single question. The only real question here that I see is
"Is this something that Azure Compute can do for me?"
And answer is - depends :) To very high degree, Azure compute might and will help you!
To solve challenge #1 (Multiple Websites / no ssl) - the easieast. Check this and that blog posts.
Challenge #2 (Connecting to SQL Azure / On-Premise SQL Server) - second easiest. SQL Azure still supports only SQL Server Authentication and it requires encrypted connection. As for connecting to On-Premise SQL Server, you can use Windows Azure Connect (and here). You can even domain-join your compute instances in the cloud.
Challenge #3 (Active Directory integration) - part of it described in Challenge #2 - domain join your roles! But you could also review the Windows Azure Access Control Service and its ADFS integration.
Challenge #4 (Multiple SSL Enabled sites behind same endpoint). Well, this is the trickiest! In Windows Azure everything lives behind a load balancer. So, you could generally define only one standard HTTPS (on port 443) endpoint. And that's it. Although, you could now have separate SSL certificate for each different SSL enabled site, this is not possible in Windows Azure. For this to work in Windows Azure, you need a Subject Alternative Name certificate (here, here and here are just some examples).
Hope that this helps!
Related
I am new to Azure and just trying to get my head around some things.
I have a web app running locally that now connects to a windows azure SQL database. I want to move my local web app into an azure web role. I have two questions:
Do I need to change my connection string or does it just work?
I am assuming windows azure is smart enough to now know that they are both hosted on azure so each request no longer needs to go over the internet?
Cheers
Do I need to change my connection string or does it just work?
No, this is still that same connection string.
I am assuming windows azure is smart enough to now know that they are both hosted on azure so each request no longer needs to go over the internet?
You're both web site and SQL Azure database will be in Azure data center. It depends in which region your web site and database will be. If they are in the same region you'll have low latencies because it will be in the same data center, however if they are in two different regions, then at one point it has to go through connections between data centers called backbones. Even if those are special very fast connections you'll notice higher latencies.
http://www.azurespeed.com/ web site allows you to check what are the latencies between Azure data centers. This gives you a kind of idea.
Answer 1 : Since you are already connecting to SQL azure from local,
you don't need to change the connection string.
Answer 2: If both your Web Role, and SQL azure are in same Geo
Location (say SoutCentral US) then there will not be much internet
traffic, but it will use azure's network to communicate.
I'm new to Azure and have set up an Asure web site which will connect to a SOLR instance on an Azure VM. The web site cannot communicate with SOLR (port 8080) unless I create an endpoint. In order to create an endpoint I need to provide an internal and external port, however I do not want to allow external/remote access to SOLR, other than from the web site itself. Can anyone tell me how I should allow the web site to communicate with my VM, without making the VM publicly accessible?
Thank you,
JP
As #hhaggan stated, you cannot create a virtual network connection, or secure an endpoint, from Web Sites to a Virtual Machine. One option to consider is the use of SSL+certificate to secure the endpoint.
If you instead deploy your web application to a web role (in a cloud service) or a virtual machine, you can then take advantage of a brand new feature called Endpoint ACL. In essence, you can whitelist / blacklist a set of IP address ranges that may access your SOLR external endpoint. You can read about ACL'd endpoints, and how to configure them, here.
Now: You might be asking yourself why this doesn't work with Web Sites. That's because Web Sites runs on a server farm, and sites don't get unique IP addresses (unlike Cloud Services).
if you are talking about Windows Azure Websites, I am not sure if this can be done but if you are talking about Web roles in Windows Azure Cloud service, here is something that I hope it can be beneficial.
Connect ASP.NET application to SQL Server in Windows Azure via Virtual Network http://msdn.microsoft.com/en-us/library/windowsazure/jj823135.aspx
you might also would like to have a look on this http://www.windowsazure.com/en-us/services/virtual-network/ I don't think you will need it but I am just sharing it with you, it is for WIndows Azure Virtual Network.
let me know if this solved your problems or if you need anything else.
We are looking to host a website (some css,js, one html file but not aspx, one generic handler).
We deployed in as:
1) Azure Web Site
2) Azure Cloud Service
Both solutions work. There is a question though: which way of hosting it is better and why? Second thing: as there might be a lot of traffic - which solution would be cheaper?
Thanks in advance,
Krzysztofuncjusz
You may want to review this article that explains the primary differences. Web Sites are best for running web applications that are relatively isolated (that do not require elevated security, remote desktop, network isolation...). Cloud services are more advanced because they give you more control over web sites while still remaining flexible. And VMs are for full control over applications that need to be installed and configured (like running SQL Server for example).
I think that main difference in abilities to modify VM and possibility to configure scalability. Web sites is something like classic hosting, without ability to login by rdp. Cloud Services allows you to configure VM and if necessary setup scalability and availability.
Can I host an application in Windows Azure and have the database stored on different server? For example I want to keep my data on a server where I dont have to worry about privicy issues. And if this is possible does it remove the value of having an application hosted in the cloud?
thanks
You mean hosting your application on Windows Azure and then hosting the database on your own servers? This is totally possible, but you'd have to publicly expose your database. You could host your database on SQL Azure and that would be a 'separate server' from your Windows Azure host. With SQL Azure, you can set up a firewall rule to allow only your application to access your database.
If you were to host your database on your own servers, I don't think that it would completely diminish the value of hosting your application on the cloud as your app tier at least would still be hosted "in the cloud". Though, you could also run into performance issues in this scenario as SQL is a little slow to access over the internet using TCP.
You can host on premise and use a secure VPN as part of Azure now. This can be done using Azure network in the latest release.
Can setup an Azure site to site VPN and get access to your private data centre that way.
I'm working with a client to plan the topology for a public facing SharePoint internet site.
The SharePoint installation will live in the client's DMZ and the plan is to use an existing SQL Server machine to host the SharePoint databases.
The problem is that there is no domain in the DMZ - and the client doesn't want to create one without going through the proper planning process.
As far as I understand, there is no way to configure a multi-server SharePoint farm without using a Domain Account to initially connect SharePoint Central Administration to SQL.
I'm pretty sure (and have tried this) that you can't use SQL Server authentication to connect the farm to SQL Server when first provisioning Central Administration using the Productions and Technologies Wizard.
My other option is a single server install, acknowledging that this limits our future growth if we ever need to add another WFE.
Thank you
No. Mostly.
It is possible because it works this way here in the company I work.
We basically have an user account with the same name on the 2 servers (web front end server and SQL database server). This account has access to the database.